Skip to main content
CVE-2013-5688 MEDIUM POC PATCH This Month

Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Ajaxplorer
NVD Exploit-DB
CVSS 2.0
5.5
EPSS
3.0%
CVE-2013-5695 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Opsview
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4419 MEDIUM PATCH This Month

The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary. Rated medium severity (CVSS 6.8).

Privilege Escalation Libguestfs Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Server
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3264 MEDIUM This Month

The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP Wp Ultimate Email Marketer Plugin
NVD
CVSS 2.0
6.4
EPSS
0.7%
CVE-2013-4497 MEDIUM PATCH This Month

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Havana Grizzly Folsom
NVD
CVSS 2.0
6.4
EPSS
0.1%
CVE-2013-4435 MEDIUM PATCH This Month

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Salt
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2013-6077 MEDIUM This Month

Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Citrix Xendesktop
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-4502 MEDIUM PATCH This Month

Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Chrony
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2012-4503 MEDIUM PATCH This Month

cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Chrony
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-4439 MEDIUM PATCH This Month

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Salt
NVD GitHub
CVSS 2.0
4.9
EPSS
0.2%
CVE-2013-4453 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Ldap Account Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5670 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Serendipity
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4135 MEDIUM This Month

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Openafs Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3263 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP XSS Wp Ultimate Email Marketer Plugin
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4134 MEDIUM This Month

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Openafs Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy